Radius Server - IAS certificate


Author IAS certificate
Allen

2005-12-15, 6:04 pm

I'm trying to set up wired port security using PEAP. I have set up a MS CA but
am now confused about how to get a certificate on the server running IAS.
From the IAS server I used the web form to request a certificate and then
installed it from that form as well (through the browser). However, when I
try to enable PEAP within the Remote Access Policy I'm told that a
certificate can't be found that can be used with EAP.

When requesting the cert I did specify a server authentication certificate.
Obviously, I'm missing something. Any help is much appreciated.

Allen

Allen

2005-12-16, 5:57 pm

I should add that I'm using Windows 2000 for both the CA and IAS.

"Allen" wrote:

> I'm trying to set up wired port security using PEAP. I have set up a MS CA but
> am now confused about how to get a certificate on the server running IAS.
> From the IAS server I used the web form to request a certificate and then
> installed it from that form as well (through the browser). However, when I
> try to enable PEAP within the Remote Access Policy I'm told that a
> certificate can't be found that can be used with EAP.
>
> When requesting the cert I did specify a server authentication certificate.
> Obviously, I'm missing something. Any help is much appreciated.
>
> Allen
>

Washington Moreira

2005-12-17, 5:55 pm

Hi Allen

Certificates for IAS with PEAP need some special requirements.
You can search on MS Site for these requirements. Use IAS, certificates,
PEAP, wireless keywords.

TKS
Washington Moreira

"Allen" <Allen@discussions.microsoft.com> wrote in message
news:AE0DA16D-BF27-4E52-AAAA-BACE7077863D@microsoft.com...
> I'm trying to set up wired port security using PEAP. I have set up a MS CA
> but am now confused about how to get a certificate on the server running IAS.
> From the IAS server I used the web form to request a certificate and then
> installed it from that form as well (through the browser). However, when I
> try to enable PEAP within the Remote Access Policy I'm told that a
> certificate can't be found that can be used with EAP.
>
> When requesting the cert I did specify a server authentication certificate.
> Obviously, I'm missing something. Any help is much appreciated.
>
> Allen
>



James McIllece [MS]

2005-12-19, 6:02 pm

"Allen" <Allen@discussions.microsoft.com> wrote in
news:AE0DA16D-BF27-4E52-AAAA-BACE7077863D@microsoft.com:

> I'm trying to set up wired port security using PEAP. I have set up a MS
> CA but am now confused about how to get a certificate on the server
> running IAS. From the IAS server I used the web form to request a
> certificate and then installed it from that form as well (through the
> browser). However, when I try to enable PEAP within the Remote Access
> Policy I'm told that a certificate can't be found that can be used
> with EAP.
>
> When requesting the cert I did specify a server authentication
> certificate. Obviously, I'm missing something. Any help is much
> appreciated.
>
> Allen
>


Hi Allen --

Certificates that do not meet the minimum cert requirements won't appear in
the IAS console for selection for use with PEAP.

The cert must have the Server Authentication purpose in Enhanced Key Usage
extensions, and must meet other requirements that are described in the Help
topic "Network access authentication and certificates" in Windows Server
2003 IAS or VPN Help, or on the web at
http://www.microsoft.com/technet/pr...03/library/ServerHelp/9d8b61c9-a870-4627-a8f2-148625fd7fba.mspx.

You should probably also refer to the following whitepaper, which is
written for Windows Server 2003 and W2K:

"Deployment of IEEE 802.1X for Wired Networks Using Microsoft Windows"
http://www.microsoft.com/downloads/...=05951071-6b20-4cef-9939-47c397ffd3dd&DisplayLang=en

--
James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.

Allen

2005-12-20, 5:57 pm

So, according to the first link, I need to create a certificate template? Is
there any way to create a certificate template when the CA is stand alone?

"James McIllece [MS]" wrote:

> "Allen" <Allen@discussions.microsoft.com> wrote in
> news:AE0DA16D-BF27-4E52-AAAA-BACE7077863D@microsoft.com:
>
>
> Hi Allen --
>
> Certificates that do not meet the minimum cert requirements won't appear in
> the IAS console for selection for use with PEAP.
>
> The cert must have the Server Authentication purpose in Enhanced Key Usage
> extensions, and must meet other requirements that are described in the Help
> topic "Network access authentication and certificates" in Windows Server
> 2003 IAS or VPN Help, or on the web at
> http://www.microsoft.com/technet/pr...03/library/ServerHelp/9d8b61c9-a870-4627-a8f2-148625fd7fba.mspx.
>
> You should probably also refer to the following whitepaper, which is
> written for Windows Server 2003 and W2K:
>
> "Deployment of IEEE 802.1X for Wired Networks Using Microsoft Windows"
> http://www.microsoft.com/downloads/...=05951071-6b20-4cef-9939-47c397ffd3dd&DisplayLang=en
>
> --
> James McIllece, Microsoft
>
> Please do not send email directly to this alias. This is my online account
> name for newsgroup participation only.
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>

James McIllece [MS]

2005-12-20, 5:57 pm

"Allen" <Allen@discussions.microsoft.com> wrote in
news:B046592B-E90A-41A8-A711-12F00426C256@microsoft.com:

> So, according to the first link, I need to create a certificate
> template? Is there any way to create a certificate template when the
> CA is stand alone?
>
> "James McIllece [MS]" wrote:
>
>


I haven't deployed a standalone CA myself -- but I assume that all you need
to do is open the Certificate Templates snap-in, select the template that
you want to duplicate, and then modify the duplicated template as per your
requirements. You might need to read documentation on Certificate Services
to get this done correctly. If that is the case you can use documentation
on the Web site "Public Key Infrastructure for Windows Server 2003" at
http://www.microsoft.com/windowsser...i/default.mspx.

Don't forget, too, that in order for your solution to work, client
computers connecting to your network must trust the CA that issued the
server certificate to your IAS server.

In literal terms, this means that your CA's certificate must be in the
Trusted Root Certification Authorities store on the client computers.

Your best bet is to read the wired whitepaper; it probably explains all of
this (including how to deploy it) in good detail.

--
James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.
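
The two conditions raised in the replies above (the Server Authentication purpose in the Enhanced Key Usage extension, and an issuing CA that the machine trusts) can be checked with a short script. This is an added example, not part of the original thread or of any Microsoft tool; the function name `Test-ServerAuthCertificate` is hypothetical, and the script assumes the server certificate is in the local computer's Personal store and that PowerShell 3.0 or later is available.

```powershell
# Added example: report, for each certificate in the local computer's Personal
# store, whether it lists the Server Authentication purpose and whether its
# chain builds to a root that this machine trusts.
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # id-kp-serverAuth (RFC 5280)

function Test-ServerAuthCertificate {   # hypothetical helper name
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )

    # Collect the purposes listed in the Enhanced Key Usage extension, if present.
    # A certificate without that extension is reported as HasServerAuth = False.
    $ekuOids = @()
    foreach ($ext in $Certificate.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            $ekuOids += $ext.EnhancedKeyUsages | ForEach-Object { $_.Value }
        }
    }

    # Build the chain against the local trust stores. Revocation checking is
    # turned off so the result reflects trust only, not CRL reachability.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $chainOk = $chain.Build($Certificate)

    [pscustomobject]@{
        Subject       = $Certificate.Subject
        Thumbprint    = $Certificate.Thumbprint
        NotAfter      = $Certificate.NotAfter
        HasServerAuth = $ekuOids -contains $ServerAuthOid
        ChainTrusted  = $chainOk
        ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

# Run on the IAS server: every certificate in Local Computer\Personal.
Get-ChildItem -Path Cert:\LocalMachine\My |
    ForEach-Object { Test-ServerAuthCertificate -Certificate $_ } |
    Format-Table -AutoSize
```

To check trust from a client's point of view, run the function on the client against the server certificate exported to a file; `ChainTrusted` is False with an `UntrustedRoot` status when the CA's certificate is missing from that client's Trusted Root Certification Authorities store.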